Hello,
RHEL 7.5 with IPA server 4.5.4
RHEL 7.5 with IPA client 4.5.4 for installing Ipsilon from RHEL
repositories (v1.0.0) and added manually patch:
https://pagure.io/ipsilon/pull-request/44#request_diff
I have configured Jira with the plugin for SAML2 (SAML Single Sign On
(SSO) Jira, SAML/SSO
<
https://marketplace.atlassian.com/apps/1212130/saml-single-sign-on-sso-ji...>)
and it works fine, when I try to login on Jira I’m redirected to Ipsilon
server and when I put user/pass (using IPA user) I log in.
My problem is that I don’t know how to configure which users can log in
on the service. Right now all users able to login on the Ipsilon server
via “any service” can login.
On Jira side I can create the users manually and configure that just
existing users can log in, but I would prefer not to manage users on the
service provider side.
Also I want to add more services to Ipsilon, so not all users allowed to
log in on Ipsilon should log in on all services.
If I can create a pam service for any of the services managed by
ipsilon, it would be perfect, as I could create HBAC rules for any
service and authorization would be manage just on IPA.
Can anyone explain or give some documentation about this?
I forget what pam service is used by Ipsilon by default. I'd suggest you
ask on the ipsilon mailing list or in #ipsilon on freenode.
rob